(Video, Daily Mail) – Not content with stealing your personal information, hackers could soon take control of your car – using a homemade gadget that is smaller than an mobile phone.
Called the CAN Hacking Tool (CHT), the device can be fitted to any car’s Controller Area Network ‘within minutes’ and run malicious code through the vehicle’s system.
Once hackers take hold of this network they can control lights, locks, steering and even brakes – and the it costs just $20 (£12).
The gadget was created by Spanish security researchers Javier Vazquez Vidal and Alberto Garcia Illera.
It was previously showcased at last year’s Black Hat conference in Las Vegas, and now the developers plan to demonstrate the device during the Singapore version of the event in March.
‘It can take five minutes or less to hook it up and then walk away,’ Vazquez Vidal told Forbes. ‘We could then trigger it to do whatever we have programmed it to do.’
Many cars come with built-in software that run on an operating system in a similar way to phones and computers.
The tool has four wires that are attached to the different outputs of a car’s controller network.
A $1 computer chip is used to bypass any encryption on the car before reading and writing data from the flash memory of the vehicle’s engine control unit.
The gadget is smaller than an iPhone, meaning it sits in the palm of the hacker’s hand, and can be controlled remotely.
Hackers can use any command they want to program an action via the CHT, and this includes disabling the brakes, deploying the airbag, locking the doors and enabling the alarm.
Vazquez Vidal and Garcia Illera’s gadget is not the first example of hackers exploiting the vulnerability of car systems and software.
Using a laptop wirelessly connected to a car’s electronics, Indiana security engineers Charlie Miller and Chris Valasek were able to remotely control the brakes, the accelerator, change the speedometer, switch the headlights on and off, tighten the seatbelts and even blast the horn inside a Toyota Prius and Ford Escape.
Their project was funded by a grant from the U.S Defense Advanced Research Projects Agency to highlight the security risks affecting modern-day cars.
By hacking the network in the two cars, and exploiting Bluetooth bugs, the software became hackable and the researchers said it was possible to send remote code executions from a mobile device.
Remote code executions let people remotely control the car’s features.
Toyota previously said it ‘wasn’t impressed’ with Miller and Valasek’s hack and claimed its systems were robust and secure.
A Ford spokesman said they were taking the hack ‘very seriously’.
Researchers from the University of Washington and the University of California, San Diego were the first to publish findings into hacking software in cars in 2010.
Valasek said: ‘Academics have shown you can get remote code execution. We showed you can do a lot of crazy things once you’re inside.’ – Daily Mail: The gadget that can hack any CAR: Terrifying £12 tool can remotely control headlights, locks, steering and even brakes
17 thoughts on “The gadget that can hack any CAR: Terrifying £12 tool can remotely control headlights, locks, steering and even brakes”
Wish they could hack the choke on my carb. Damn thing is off when it should be on, and on would it should be off. I tried downloading a new program, but there is no download port. Just a fuse block with this round thingy that goes click-click when I turn on the turn signals. I also can’t seem to shift into overdrive and can’t find the switches for my power windows and cruise control. Maybe OnStar can help….
Sounds like what could have happened to Michael Hastings .
yes it does! it makes me wonder what else they can do. Like syrius satellite radio has been giving free listening the last couple of months, how can they turn your radio on for free, and disable it when you do not pay. I bought my jeep used, it has the satellite radio in it, I don’t use it, but they know I have it because every month I get something in the mail about their specials, etc. So I know they are tracking my jeep.
Its exactly what happened to MH..and im sure a few others since..
remember all that accelerator issues with the Honda’s autos? shows that these systems can be manipulated or wrongly programmed ..not only that but if you own a Ford, or Chevy, or Chrysler after about the year 2001 or so..they all have black boxes that can narc on your driving habits, and or control certain functions of your car with out your physical input..
Watched a police video where a stolen GM truck was shut down while in a high speed chase..BY–On star, and a request from the cops
they ran the plate, found the owner..which led them to the vehicle vin# and had On-Star shut the vehicle down
its well known by now, or at least I would think it should be..systems in these modern cars can be manipulated by outside sources ..
there was even a video on You tube of someone controlling a car with a lap top..and it was done remotely
Stopping , accelerating and many other functions of the vehicle
that speaker in the car that talks to you to tell you when to turn , cause your too lazy to read a map..you know the one? well it can also listen to what ever you say too
Thats why when i bought my jeep i made sure it was older.A 64 so no smog,computers or any of the modern crap.
I would of bought an older jeep if I could of found one. The only one that I did find, was totally rusted out. My jeep is a 2010, and it was acting funny, brought it to the dealership, it needed a software upgrade. So my jeep is nothing but a frickin computer. If I can ever afford it, I am going to rip it down and take all of the wiring, computers out. I want to find the old jeep engine, that they had before computers and put that in there.
As soon as that POS is paid off we are getting a 4.0 and ripping all of the computers out!!!!
Check the laws for smog in your state Bulldog. I was going to buy a newer one and put a four cyl diesel in it and they told me they wouldn’t register it because it wouldn’t have the original equipment in it. Hence the older one. It’s rusted out but the power train is good. I’ll sit on an orange crate if I have to.
Louisiana doesn’t check all of that stuff for inspections. They just look at lights and brakes. Sometimes they check catalytic convertors. Missy hates the computers in the Jeep. It is still a jeep for frame and suspension, but the things are all computerized now.
I want to get a switch for my diesel also that can turn off my glow plugs. I heard that that is the part of a diesel that gets hit in an EMP.
I would have just swapped the motor out and kept mum. Five will get you ten the educated fools would have never caught it. If the emissions were a problem, a title and set of VIN numbers would seem the remedy.
I don’t think I would ever let somebody tell me what I could put together to drive. If they didn’t want to give my licence, I’d drive the son of a bitch without them.
heres one for ya
I own a Chevy Silverado
I don’t have the satilight radio paid for, I never listened to it anyways, I don’t have on -star paid for either..I know how to change a flat tire my dam self
well I always have my radio tuned to my favorite FM station..out of the blue one day my radio is on the satelight stations.., Ive had this happen a few more times..they have access to it..
so I found the fuze that is part of that communication system and I pulled it..never done it since.
now if I could find a way to pull all that black box shit and the rest of it out I would, but its all tied into the trucks wiring system , and will F the truck up if I unplugged it..
Im glad I have some old school cars I can drive when the curtain goes up
No threat to me. You wouldn’t be able to start my truck if I gave you the key.
And this is why I refuse to buy a car with an electronic ignition button among other things. I like to control my car rather than have my car control me.
Yet, the salesman and my friends for some reason think I’m strange. Yes, I guess I am and I guess they are strange to me because they care more about flashy new blinking gadgets that make your car go “Bling! Bling!” than whether or not you’ll be able to CONTROL your own car in the face of danger.
Hey NC, I bought mine used, had no clue it was full of computers 🙁 Please don’t hate me!! LOL. I just want the computers gone, I love my jeep, it’s 4 wheel drive, it’s a rubicon with that great suspension, I have to hop into it, with my old grey haired butt!! My daughter is always complaining, Mom we need steps!! It is the best vehicle ever, EXCEPT the engine is run by computers. I should of done my homework, but I needed a vehicle, saw this jeep and fell in Love! I thought Jeep, they are old school, WRONG!!!’
Well 10,000 more payments to go, (not really) and as soon as she is paid off, engine is out, old engine in!!
Yea, it’s almost impossible to get a custom made car anymore. They give excuses that it’s because it is too much of a hassle since the factories are overseas now. (Gee….who’s fault was that? How is that my problem? Where is the customer service? Where is my freedom to choose? Bunch of Communists! Only freedom is the choice they give you. Honda Accord or Civic?)
No longer can you build your own car. The dealers have made everything “Standardized” so that the electronics are installed no matter what and the rest of the flashy attachments are customized which is basically little things you can buy at an auto store afterwards for a cheaper price.
They do it on purpose because they want to be able to track and control everyone’s car with their boxes and electronic systems like they are doing now. Basically forcing it on you like everything else.
And guess who will probably eventually be out of a job soon, if everything is officially electronic and can be fixed by a re-boot button after the government or the dealer presses a few coded keys? Yep, the local mechanic. There goes more jobs.
The government only cares about more centralization which means consolidation and bye bye branches and third party vendors.
I agree, the Disney movie “robots”. It is interesting how Disney knows things!!!! They are part of the TPTB!!
Disney is EVIL! 👿
I started working for Disney English in Beijing as an Assistant Director and quit based on principle, after the training when we had a meeting with the cocky Regional Director and his stuck up, young, Asian female corporate assistant (who I’m sure he’s slept with a dozen times before he arrived there and was doing everything she could to climb the corporate ladder).
Anyways, the bastard director was in it for the money and treated education as a “product” and a “business” and the children or students as “clients” and teachers as “trainers” or “instructors”. So insulting and degrading. Basically treating everyone like a product or a number in a Nazi boot camp, rather than a person. I refused to take part in it and found a better ESL job afterwards where they focused more on education and people and not on dollar signs.